A client moved one of our domains under their control, and they have set Azure Nameservers so that we can still control the sub-domains etc. from the Azure portal.
This worked fine until the certificate expired and Cert-manager (Kubernetes) tried to re-issue.
My web server is (include version):
Kubernetes 1.18.10, cert-manager 1.6.1
The operating system my web server runs on is (include version):
N/A
My hosting provider, if applicable, is:
Azure
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Azure Portal and CLI
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
cert-manager 1.6.1
I'm not sure what your question to the Let's Encrypt Community is. Clearly DNSSEC is broken, which is an issue with greater impact than just getting a new certificate. At this moment, any DNSSEC-enabled DNS resolver is unable to resolve this domain name at all, so this website will be down for any user with a DNSSEC-enabled DNS resolver, regardless of the certificate.
The only thing I can advise is to fix the DNSSEC issue.
OK, thanks. Do you have any pointers about how I can resolve this?
I have a domain zone set up in Azure, so maybe there's something that can be added there?
This doc says DNSSEC is not supported in Azure. What are my options if that's the case?
If DNSSEC is not supported by the authoritative DNS servers, the DS resource record should be removed from the .com zone. This can be done by the DNS registrar.
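
The failure described in the thread (a DS record still published in the parent zone while the authoritative servers return no DNSKEY) can be recognised from `dig +noall +answer` output. The following is an added example, not code from any poster or from cert-manager; `example.com`, the record data and the state names are constructed placeholders, and the check compares key tags only rather than validating signatures.

```python
import re

# Constructed `dig +noall +answer` output; example.com and all record data
# are placeholders, not values from the thread.
PARENT_DS = "example.com. 86400 IN DS 12345 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF\n"
CHILD_UNSIGNED = ""  # a server that does not sign the zone returns no DNSKEY
CHILD_SIGNED = (
    "example.com. 3600 IN DNSKEY 257 3 8 Y29uc3RydWN0ZWQga2V5\n"
    "example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20300101000000 "
    "20291201000000 12345 example.com. Y29uc3RydWN0ZWQgc2ln\n"
)

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse_answer(text):
    """Return (owner, type, rdata fields) for each record line of dig output."""
    records = []
    for line in text.splitlines():
        m = RR.match(line.strip())
        if m:
            records.append((m.group(1).lower(), m.group(2).upper(), m.group(3).split()))
    return records

def delegation_state(zone, parent_answer, child_answer):
    """Classify the delegation. Compares key tags only; verifies no signatures."""
    zone = zone.lower().rstrip(".") + "."
    ds_tags = {int(rd[0]) for o, t, rd in parse_answer(parent_answer)
               if o == zone and t == "DS"}
    child = [(t, rd) for o, t, rd in parse_answer(child_answer) if o == zone]
    if not ds_tags:
        return "insecure"  # no DS: validators treat the zone as unsigned
    if not any(t == "DNSKEY" for t, _ in child):
        return "bogus-ds-without-dnskey"  # the situation in this thread
    # RRSIG rdata field 6 is the tag of the key that signed the DNSKEY RRset.
    sig_tags = {int(rd[6]) for t, rd in child
                if t == "RRSIG" and rd[0].upper() == "DNSKEY" and len(rd) > 6}
    if ds_tags & sig_tags:
        return "secure-plausible"
    return "bogus-keytag-mismatch"

if __name__ == "__main__":
    print(delegation_state("example.com", PARENT_DS, CHILD_UNSIGNED))
```

Once the registrar has removed the DS record, the same inputs classify as `insecure`, which validating resolvers treat as an ordinary unsigned zone.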